Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

Even group policy can't stop updates.


Recommended Posts

Group Policy states that automatic updates are DISABLED but it still installed them anyway. It installed the May 2021 cumulative on one of my Server 2019 systems.

image.png.0c9cc04fd5f5b16f16b40d5fe55ec038.png

  • Upvote 1
Link to post
Share on other sites

You need to dig through the Task Scheduler to find the things that check for updates or turn the disabled options back on. A lot of these tasks are under the SYSTEM or TrustedInstaller security context and/or execute in Session 0, so they are not visible to a regular logged in user, even one in the Administrators group.

Also wanted to add, I have a theory that you could point your computer to a WSUS with no updates in it to prevent updates. :sneaky:

  • Upvote 1
Link to post
Share on other sites
15 hours ago, Tripredacus said:

 Also wanted to add, I have a theory that you could point your computer to a WSUS with no updates in it to prevent updates. :sneaky:

or set wsus server to anything non existing on gpo. For example stupid.update.stop as wsus server name. It will error out as no connection:lol:. I used it once to stop updates on win10 to one client (was required not to update automatically at any case while still have networking)

  • Like 1
Link to post
Share on other sites

That sounds like a better idea that to have to determine what you want your empty WSUS to be, physical or a VM.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...